An interview with Volker Mayr, Chief Information Officer, Zurich Financial Services


“Given the nature of data in FSI, open APIs are a big challenge. It can only come together with a mature consent management system to make sure customers can fully control their data.”

FST Media: What IT and cybersecurity issues keep you up at night?

Mayr: For cybersecurity, it’s that undefined feeling that we might have missed a vulnerability or threat; that’s something that weighs on my mind. The ones we are aware of, we can and do manage in a very good way. But are we sure there is nothing else?

FST Media: In today’s hyper-connected digital age, enterprises are working with scores of third parties in a complex digital supply chain. In your experience in IT outsourcing, what are the crucial questions that IT leaders need to know to secure and manage digital supply chain risk?

Mayr: For me, it is threefold: What is the impact of the provider on business-critical processes? What is the business continuity plan (BCP) of the provider – in particular, when one’s own business critical processes are impacted? And, finally, what is the provider’s data governance maturity?

FST Media: How can FSIs find the right balance between protecting data assets while at the same time creating a secure open API that allows real-time data sharing?

Mayr: Given the nature of data in FSI, open APIs are a big challenge. It can only come together with a mature consent management system to make sure customers can fully control their data.

FST Media: The role of CIOs and CISOs has evolved considerably in the last three to five years. As the roles become more collaborative and take on shared responsibility for business continuity and resilience goals, will we see the differences between these two roles blurring? Is it advantageous for the industry to once again merge these roles?

Mayr: Not in my view. There is an overlap, but the focus is different and, given the increasing focus on security, the required specialised skills – also from a management perspective – need to be maintained and developed, which is easier with the role of a CISO. Nevertheless, it is very important for the two areas to work hand in hand.

FST Media: Last year, Zurich Insurance Group signed a partnership with the World Economic Forum’s Global Centre for Cyber Security to join government organisations, businesses, experts and law enforcement agencies to address cybersecurity issues. Are Australian FSIs collaborating enough with government and industry to combat cybersecurity collectively? How can we engender further collaboration between these parties?

Mayr: There are good efforts, in particular, from the government to foster collaboration within the industry. But we are nowhere close to where FSI needs to be – both in terms of security strategy and execution. The willingness to share weak points are, by definition, very limited, which makes it harder to have a joint defence plan. The topic is still not as prominent as other areas or not openly discussed in the right areas.

FST Media: What are some of the lesser-recognised cybersecurity threats that FSIs should be paying more attention to?

Mayr: The human factor. Too often we talk about technology and forget the people.

FST Media: As an IT leader, who are your professional role models and how have they shaped your leadership style?

Mayr: For me, there is not one model. I try to learn from different people, often outside of my own industry and profession.